I found a memory address and used Cheat Engine's pointer scan to find the pointers that refer to it. To use it in a script I need a base address, which is [game.exe+009274]. How do I convert this to an address I can use in an AutoIt script?
I use NomadMemory.au3 UDF.
I wrote two functions some time ago: one lists all the modules loaded in a process, and one returns the base address of the module you need. Both might be handy here.
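; Example: list the modules of a running process and look up one module's base address.
;
; ProcessExists() resolves an executable name to its PID (0 when it is not running).
; WinGetProcess() expects a window title, so passing it an executable name
; normally fails and yields -1.
Local $iPID = ProcessExists("app.exe")
If $iPID Then
    ; On failure _ProcessGetLoadedModules() returns -1 with @error set; UBound() of a
    ; non-array is 0, so the loop below is simply skipped in that case.
    Local $sLoadedModules = _ProcessGetLoadedModules($iPID)
    For $i = 0 To UBound($sLoadedModules) - 1
        ConsoleWrite($sLoadedModules[$i] & @LF) ; find your module here
    Next

    ; Base address of the module, or 0 with @error set when it was not found.
    ; Cheat Engine's [module+offset] notation means this base address plus the
    ; offset, e.g. $My_dll + 0x009274 for an offset of 009274.
    Local $My_dll = _MemoryModuleGetBaseAddress($iPID, "My.dll")
    ConsoleWrite($My_dll & @LF)
Else
    ConsoleWrite("app.exe is not running" & @LF)
EndIf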
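; #FUNCTION# ====================================================================================
; Name ..........: _ProcessGetLoadedModules
; Description ...: Returns the full file paths of the modules loaded in a process.
; Parameters ....: $iPID - PID of the process to inspect.
; Return values .: Success - 0-based array of module paths (an entry is "" when its path
;                            could not be read).
;                  Failure - -1 and sets @error:
;                            1 - the process could not be opened
;                            2 - Psapi.dll could not be opened or EnumProcessModules failed
; Remarks .......: The process is opened with PROCESS_QUERY_INFORMATION | PROCESS_VM_READ only,
;                  which is all that module enumeration needs.
;                  NOTE(review): a 32-bit script cannot enumerate the modules of a 64-bit
;                  process with EnumProcessModules - run the script with matching bitness.
; ===============================================================================================
Func _ProcessGetLoadedModules($iPID)
    Local Const $PROCESS_QUERY_INFORMATION = 0x0400
    Local Const $PROCESS_VM_READ = 0x0010

    ; Open the process first so an early failure leaves nothing behind to clean up.
    Local $hProcess = _WinAPI_OpenProcess(BitOR($PROCESS_QUERY_INFORMATION, $PROCESS_VM_READ), False, $iPID)
    If Not $hProcess Then Return SetError(1, 0, -1)

    Local $hPsapi = DllOpen("Psapi.dll")
    If $hPsapi = -1 Then
        _WinAPI_CloseHandle($hProcess)
        Return SetError(2, 0, -1)
    EndIf

    ; Module handles are pointer-sized; derive the element size from the struct so the
    ; arithmetic is right in both 32-bit and 64-bit AutoIt.
    Local $iCapacity = 200
    Local $tModules = DllStructCreate("ptr[" & $iCapacity & "]")
    Local $iBufBytes = DllStructGetSize($tModules)
    Local $iPtrSize = $iBufBytes / $iCapacity

    Local $aCall = DllCall($hPsapi, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($tModules), "dword", $iBufBytes, "dword*", 0)
    If @error Or Not $aCall[0] Then
        DllClose($hPsapi)
        _WinAPI_CloseHandle($hProcess)
        Return SetError(2, 0, -1)
    EndIf

    ; $aCall[4] is the number of bytes needed for all handles; retry once with a buffer
    ; of exactly that size when the first one was too small.
    If $aCall[4] > $iBufBytes Then
        $iCapacity = Int($aCall[4] / $iPtrSize)
        $tModules = DllStructCreate("ptr[" & $iCapacity & "]")
        $iBufBytes = DllStructGetSize($tModules)
        $aCall = DllCall($hPsapi, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($tModules), "dword", $iBufBytes, "dword*", 0)
        If @error Or Not $aCall[0] Then
            DllClose($hPsapi)
            _WinAPI_CloseHandle($hProcess)
            Return SetError(2, 0, -1)
        EndIf
    EndIf

    ; Never read past the buffer, even if more modules were loaded between the two calls.
    Local $iCount = Int($aCall[4] / $iPtrSize)
    If $iCount > $iCapacity Then $iCount = $iCapacity

    Local $aReturn[$iCount], $aName
    For $i = 0 To $iCount - 1
        $aName = DllCall($hPsapi, "dword", "GetModuleFileNameExW", "ptr", $hProcess, "ptr", DllStructGetData($tModules, 1, $i + 1), "wstr", "", "dword", 65536)
        If @error Then
            $aReturn[$i] = ""
        Else
            $aReturn[$i] = $aName[3]
        EndIf
    Next

    _WinAPI_CloseHandle($hProcess)
    DllClose($hPsapi)
    Return $aReturn
EndFunc   ;==>_ProcessGetLoadedModules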
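; #FUNCTION# ====================================================================================
; Name ..........: _MemoryModuleGetBaseAddress
; Description ...: Returns the base address of a named module inside a process.
; Parameters ....: $iPID    - PID (or executable name) of the process to inspect.
;                  $sModule - Module file name, e.g. "My.dll"; compared case-insensitively.
; Return values .: Success - base address of the module as a pointer.
;                  Failure - 0 and sets @error:
;                            1  - the process does not exist
;                            2  - $sModule is not a string
;                            -1 - lookup failed; @extended tells why:
;                                 0 - module not found, 1 - OpenProcess failed,
;                                 2 - EnumProcessModules failed
; Remarks .......: Only PROCESS_QUERY_INFORMATION | PROCESS_VM_READ is requested. Enumerating
;                  modules needs nothing more, so write and thread-creation rights are
;                  deliberately not asked for (least privilege).
;                  NOTE(review): a 32-bit script cannot enumerate the modules of a 64-bit
;                  process with EnumProcessModules - run the script with matching bitness.
; ===============================================================================================
Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    ; ProcessExists() returns the PID for either a PID or a process name, so normalise
    ; here; OpenProcess below needs the numeric PID.
    $iPID = ProcessExists($iPID)
    If Not $iPID Then Return SetError(1, 0, 0)
    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    ; PROCESS_QUERY_INFORMATION (0x0400) | PROCESS_VM_READ (0x0010)
    Local Const $iAccess = BitOR(0x0400, 0x0010)
    Local $aOpen = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $iAccess, "int", 0, "dword", $iPID)
    If @error Or Not $aOpen[0] Then Return SetError(-1, 1, 0)
    Local $hProcess = $aOpen[0]

    Local $hPsapi = DllOpen("psapi.dll")

    ; Module handles are pointer-sized; derive the element size from the struct instead
    ; of assuming 4 bytes, which is wrong in 64-bit AutoIt.
    Local $iCapacity = 1024
    Local $tModules = DllStructCreate("ptr[" & $iCapacity & "]")
    Local $iPtrSize = DllStructGetSize($tModules) / $iCapacity

    Local $pBase = 0, $iReason = 2
    Local $aEnum = DllCall($hPsapi, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($tModules), "dword", DllStructGetSize($tModules), "dword*", 0)
    If Not @error Then
        If $aEnum[0] And $aEnum[4] > 0 Then
            $iReason = 0

            ; $aEnum[4] is the byte count needed for all handles and may exceed the buffer.
            Local $iCount = Int($aEnum[4] / $iPtrSize)
            If $iCount > $iCapacity Then $iCount = $iCapacity

            Local $aName, $pModule
            For $i = 1 To $iCount
                $pModule = Ptr(DllStructGetData($tModules, 1, $i))
                $aName = DllCall($hPsapi, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", $pModule, "wstr", "", "dword", 260)
                If @error Then ContinueLoop
                If $aName[3] = $sModule Then
                    $pBase = $pModule
                    ExitLoop
                EndIf
            Next
        EndIf
    EndIf

    ; Release both the psapi handle and the process handle on every path.
    DllClose($hPsapi)
    DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hProcess)

    If $pBase Then Return $pBase
    Return SetError(-1, $iReason, 0)
EndFunc   ;==>_MemoryModuleGetBaseAddress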